Acxiom’s letting you see the data they have about you (kind of)

Today, data broker giant Acxiom is letting you see the data the company selling on you. Well, at least some of it.

Acxiom has been selling your data for 44 years. The company has detailed dossiers on 96% of Americans with an average of 1500 data points in each, covering things from your estimated net worth to your shopping habits and contact information. Today, they’re finally letting consumers get a glimpse into what the company knows about them.

Although this is a step in the right direction, it’s nowhere near enough. Here’s why:

1. They aren’t showing you the full picture.

Although they try to beat around the bush on this point, Acxiom isn’t showing you all the data they have–and sell–about you. There’s still a serious disconnect between the data you can get as an individual about yourself (a little), and the data some random company can buy about you (a lot). Details like smoking and gambling habits aren’t available, although Acxiom has them. Does that seem fair?

Note: if you’re an Acxiom employee and you know the full scope of what’s in a person’s data file, please let us know! Email Sarah {at} Abine {dot} com. I’ll respect your anonymity.

2. To get your data, you have to give away your data.

So you want to see what Acxiom knows about you? Be prepared to hand over a lot of info: first name, last name, street address, city, state, zip, date of birth, last 4 digits of your Social Security Number, and email address are all required. Plus you have to agree to their Terms of Use and Privacy Policy, which have problems of their own (see point #4 below).

3. Their authentication is weak.

Acxiom says you have to fill in all the personal info above “for your protection,” so that only you can see your own data through their new portal. First of all, remember that this stuff is already for sale to anyone buying, so the notion of authenticating free visitors seems unnecessary. But if they’re going to rely on authentication, using purely public record data (except maybe SSNs) makes impersonation relatively easy. As long as you know someone’s basic info, you can see their more detailed profile on Acxiom’s website.

Bottom line: this “authentication” process seems more about Acxiom getting additional data from you than truly authenticating your identity in a secure way.

4. Their Privacy Policy lets them use the data you give them to see your info however they want.

Let’s recap: just to see your own data, Acxiom makes you give them a list of additional info. If you’re worried about handing a big data broker even more of your data, you should be: the terms of their policy are vague and don’t rule out uses beyond just viewing your information:

“The information you provide will be used to support your relationship with Acxiom on this website. To fulfill a particular request, the information you provide may be shared within the Acxiom Corporation family of businesses. We may use it to make this site easier for you to use and to inform you of services and product updates, new products and other related information from Acxiom.”

What does “support your relationship with Acxiom” mean? Apparently we all enter a committed relationship with Acxiom when we seek to view our own data, and it’s not even monogamous: it’s with the entire “Acxiom Corporation family of businesses.”

5. The data broker problem is bigger than Acxiom.

Acxiom is one of hundreds of big data brokers. This is an industry that’s largely in the shadows, that’s faced multiple FTC sanctions and investigations, and that consumers overwhelmingly dislike. You may have a partial glimpse into what one of them knows, but you’ve got hundreds to go.

For years, the FTC (and particularly Commissioner Julie Brill) have strongly recommended that Congress pass new laws cracking down on data brokers. Acxiom seems to be trying to get out in front of any regulation by voluntarily providing their new portal, but the fact remains that the data brokerage industry as a whole has serious work to do. The ad industry has failed at self-regulation, and we’re not optimistic about the data broker industry succeeding. People can’t afford to wait while their digital selves hang in the balance.

6. It still doesn’t give people what they really want: deleting their data.

Acxiom receives up to 29,968 requests a year from consumers to remove their information and only a max of 35 requests to correct that data (source: Acxiom’s response to questions from Representatives Markey and Barton). Acxiom’s opt-out option lets you “suppress” your data for marketing purposes, but it doesn’t actually delete it.

Looking at the numbers above, it’s clear that the only satisfying result to people is deleting their info, not correcting it. People don’t want targeted marketing; they want privacy. And until Acxiom gives consumers what they want, their solution won’t be enough.

So what should you do?

You can still opt-out of Acxiom’s databases the old-fashioned way, and you can access your data file through an offline report (con: it costs $5 and takes weeks to receive). You can also follow our DIY instructions for removing your data and personal information from some of the other biggest data brokers online.

But the biggest change you can make for the future is to start guarding your data: stop giving out your real information just because companies and websites ask for it, because chances are it’ll be funneled into a marketing database somewhere. Make aliases with tools like MaskMe (or just make up fake birthdates and names). If you fill out surveys or loyalty cards, don’t use your real info. The same goes for Facebook and other social networks, many of which have partnerships with the big data companies to track you offline and on.

For a long time, we’ve been calling for a one-stop website where consumers can see, correct, and delete the info that all data brokers have about them, like a Do Not Call registry for the web. Until that happens, or until the laws regarding data brokers get more strict, the way things currently are just isn’t working.

Now what do we do about those companies for which they have our info and we can NOT delete it or limit it? This Acxiom stuff is great (*sarcasm*) — more fodder for ID thieves AND worse: more revenue for the companies that sell the information.

“I know from working with Acxiom data in an IT environment that what I saw on the web site is less than 10 percent of the information that Acxiom has about me,” he said. “God only knows what the other stuff says, but for now Acxiom is not revealing most of my information to me.”